14-04-06

hundreds of maltyped domains hijacked by spyware and adfirms

Microsoft has released a tool to control if others were using the misspelling of others while searching the web and registered wrongtyped versions of your domainnames. Mostly those pages have just ads, searchfiles and spyware to install on your machine.

 

http://research.microsoft.com/URLTracer/
When a user visits a Web site, her browser may be instructed to visit other third-party domains without her knowledge. Some of these third-party domains raise security, privacy, and safety concerns. The Strider URL Tracer, available for download, is a tool that reveals these third-party domains, and it includes a Typo-Patrol feature that generates and scans sites that capitalize on inadvertent URL misspellings, a process known as typo-squatting. The tool also enables parents to block typo-squatting domains that serve adult ads on typos of children's Web sites 

 

and how they work is explained here
http://research.microsoft.com/Typo%2DPatrol/  if you have trouble dowloading, this is a functional http download link
http://ftpclubic10.clubic.com/temp-clubic-rx624/logiciel/...

you will need IE 6.0 (www.windowsupdate.com) and not IE 7 beta and you will also need .net installed (automatic link opens and in xp there is no restart necessary).

 

This is the tool to have if you have domain names.

For belgian names it is even more curious that www.dns.be has let registration of these kind of names go through. You should complain and ask that these domains that are internationally not allowed, should be closed if there is no legal or practical reason to have a site with this name (it can be that there is somebody else with a job just like yours but with one letter of difference).

You can use  http://www.dns.be/whois/    and type the names of the domains that you have found.

 

It can be that you thousands of the free .be domain names that have been attributed worldwide in the last campaign are in fact such bogus domains. The effect can be that trust in the .be domain can internationally go to a low-down as these are used for spyware, browser-installs and redirects with pop-ups.

http://www.dns.be/whois/  You will find information like this
Naam  belgtacom 
Status  REGISTERED 
Registratie  31 januari 2006 
Laatste wijziging  31 januari 2006 23:24 
Licentienemer 
Naam  LUIS RAMALHO  (the portugese owner)
Taal  Engels 
Adres   
Email   
Technische contactpersonen van de agent 
Naam  Departement Noms de Domaine 
Organisatie  AMEN (is a hosting firm)
 
Taal  Frans 
Adres  12-14, rond-point des Champs-Elysées
75008 Paris
Frankrijk 
Telefoon  +33.892556677 
Fax  +33.144757218 
Email  dns-be@amen.fr 
Agent 
Bedrijf  AMEN.FR L Agence des MEdias Numeriques
 
Website  AMEN.FR 
Nameservers 
  ns1.amenworld.com     
ns2.amenworld.com     
 
Geschiedenis 
  2006/01/31   CREATED

 

The firms that are according to Microsoft responsable for the most bogus domains are

 Oingo.com
 Domainsponsor.com/Information.com with the domain searchportal.information.com that you should block anyhow
 Sedoparking.com
 Qsrch.com
Netster.com
Hitfarm.com

 

We will find them also with belgian domains and also

revenue.net (oversee.net) which installs the pop-ups and redirects


ACT and re-act

17:15 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.